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© Encryption circuit. 



© The invention relates to an encryption circuit constructed in gate matrix technology. The circuit utilizes the 
American DES standard (Data Encryption Standard). According to a first aspect of the invention, the pin 
configuration of the circuit corresponds to the pin configuration of a- memory circuit, preferably a 'standard 
random access memory, so that the encryption circuit can be simply placed in place of a memory in the existing 
equipment. According to a second aspect of the invention,, the encryption uses a register (L, R) which is 
successively loaded 17 times in accordance with the encryption algorithm. According to a third aspect of the 
invention,' the "sub-key generation incorporated in the encryption algorithm is carried out with the aid of a 
combinatorial. block which is integrated on the chip. The invention permits a simple and quick implementation of 
the encryption algorithm'. 
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ENCRYPTION CIRCUIT 



FIELD OF THE INVENTION 

The invention relates to an encryption circuit .constructed in gate matrix technology. The circuit will 
encrypt data according to the American DES (Data Encryption Standard). 

5 To encryp; digital information is today of highly topical interest. There are more and more data bases 

and they are frequently accessed via the - telecommunication network together with a modem 
(modulator/demodulator, adaptor between digital .signals and telecommunication signals). Enterprises like 
banks, petrol/stations and other business establishments transmit information between different depart- 
ments. Automatic credit card machines require communication with banks or financial companies. All these 

70 activities and similar ones:. ace growing in volume and there is an increasing requirement to be able to 
encrypt this sensitive information. 

The encryption algorithm which is of most interest is called DES, Data Encryption Standard. DES 
originated with IBM in the seventies and was- raised to a standard by the National Bureau of Standards 
(NBS) organization in the USA in 1977. Suitable references are "Cryptography and data security" by D.E.R. 

rs Denning (Adisson-Wesley 1982) or the DES Standard Data Encryption Algorithm No. 1 (DEA 1) by the 
.international standardization commission. 



PRIOR ART - 

20 " 

There lire at least two or three circuit products on the market which, have the DES algorithm in their, 
circuit program. However, none of these have the pin configuration of the circuit in a standardized manner. 
The lack of standards makes it complicated to install . the technology in existing equipment, for example 
modems.; 

25 According to the invention, an existing standard, preferably the pin configuration of a; random access 

memory (RAM), is utilized. This memory circuit is produced by a number of manufacturers,- for example 
Toshiba/whose circuit is designated - PC 5564. Exchanging a memory circuit for an encryption circuit 
provides the possibility to communicate with encrypted data. in the data system. 

■ 30 ■ ' ' 

SUMMARY OF THE INVENTION 

The invention thus provides an encryption circuit constructed in gate matrix technology,' the circuit 
being integrated on a chip, and the pin configuration of the circuit corresponding to the-pin configuration of a 
35 memory circuit, preferably a random access memory of the standard type (RAM). „ 
Other features of the invention are specified in the subsequent patent claims. 



BRIEF DESCRIPTION OF THE DRAWINGS 

40 

The. invention will now be described with reference to the attached drawings, in which: 
Figure 1 shows diagrammatically a computer system with inbuilt 'encryption circuit. 
Figure 2 shows an example of a standard memory circuit and its pin configuration. 
Figure 3 shows a simplified arrangement for ECB block encryption. : 
45 Figure 4 is a flow diagram of the data flow when encrypting with' the DES algorithm in ECB mode. 

Figure 5 is a flow diagram for the generation of the function f. 
Figure 6 is a flow diagram of the sub-key generation. 
Figure T is a diagram of bit circulation in sub-key generation. 

Figure 8 is a compressed flow diagram of the data flow in the register corresponding to Figure 4. 
so Figure 9 is a block diagram of the entire encryption circuit as it appears to the rest of the computer 

system:- 

Figure 10 is a memory map of the encryption circuit. 
DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION 
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The invention provides an encryption circuit in gate matrix technology. It should be able to carry out 
encryption and decryption' according to- the DES standard in the so-called ECB mode. The encryption 
algorithm is described in greater detail below. A main aim of the invention is that the encryption circuit shall 
be exchangeable for an 8 kbyte random access memory of a standard type, such as Toshiba 5564 or 

5 corresponding circuit. This is a memory circuit which is frequently used in electronic equipment. Other 
designations are, for example, 2064, 6264, 4364 and 8264. 

That the encryption circuit should be exchangeable implies that the electrical connections correspond to 
- the specification of the memory circuit. The pin arrangement must correspond and the responses on 
reading and writing should occur equivalentiy. The encryption circuit should be designed in such a manner" 

70 that the original 8 -kbyte block is retained to the greatest possible extent. It may be difficult to meet the 
requirement with an internal memory in the same circuit. In this case, a decoding logic will be included for a 
future such memory, internally or externally. The circuit will thus generate the CS, Chip Select, signal which 
can be used by an internal RAM. In addition, CS shall be taken to pin 1 of the encryption circuit for any 
"piggy-back" coupling. A memory circuit is therefore soldered above or under the encryption circuit and 

is take this CS signal from pin 1. Pin 1 is not used by the memory circuit and thus becomes an output for the 
encryption circuit In many applications, the loss of a memory circuit does not play a large" role. The 
encryption part will occupy a suitable number of memory cells from the highest address and.,downward. 

It should be possible for an imagined computer system with encryption to be an ordinary system which 
has been in operation for some time. By exchanging a memory circuit for an encryption circuit, the system 

20 is provided with the possibility of communicating with encrypted data. A typical application is communica- 
tion between computers. Figure 1 shows such a system in which a memory and CPU block and 
colummunication block can be seen. In the operating system or application program, rutines for data, flow 
must naturally .be modified.. The normal data flow to communication circuits is then diverted so that data 
take the path via the encryption' circuit. To carry out encryption, with the aid of software would certainly 

25 make the program section into a bottleneck which retards the data flow. A hardware circuit, on the other 
hand, carries out the encryption extremely quickly with the consequence that the data rate is not 
appreciably retarded. 

The circuit will therefore be exchangeable for a random access memory RAM. Figure 2 shows an 
example of such a circuit, Toshiba 5564. The memory which is for 8 kbytes and has 28 pins is quite usual 
30 in systems. 

Before considering the circuit design, the encryption algorithm must be described. DES (Data Encryp- 
tion Standard) was thus developed by IBM in the. seventies and has since become, a standard with the 
Federal Authorities in the* USA. DES also has the prerequisites for being used in the "private, sector, chiefly 
in the banking world, and is expected to spread internationally. 

35 The algorithm is intended to be implemented in hardware. Encryption and decryption are carried out 

- equally easily with a relatively small transposition in the logic. According to the standard, there are four 
different ways for encrypting/decrypting: ECB Electronic Code Book, CBS Cipher Block Chaining, CFB 
Cipher Feedback and OFB Output Feedback. The' first basic variant is called ECB. This is where the 
encryption/decryption itself is carried out The other variants require ECB as a basis. CBC, CFB and OFB all 

40 use ECB plus additional logic such as EXOR gates and shift registers for achieving their specific 
characteristics. A number of circuits with the DES algorithm are found on the market, for 'example Motorola 
MC6859, Zilog Z8068 and. so forth. The embodiment of the invention described here contains only the 
fundamental ECB but, naturally, the other variants can also be constructed by ah expert. 

ECB encrypts 64-bit data block by block with a key of 64 bits. Figure 3 shows diagrammatical I y the 

45 encrypting operation. A block m of plain text is encrypted with the aid of a key. Since the encryption 
algqrithm itself if well known, it is only the 'key which will be kept secret by the user. The key also consists 
of 64 bits but has 8 parity bits which are not included in the algorithm. 56 bits remain for the key. The result 
of the encryption is an encrypted block of 64 bits. The decryption follows the same principle as the 
encryption by transposition of so-called sub-keys. The sub-keys are calculated with the aid of the key. In 

so principle, ECB is a translation table for a data word of 64 bits and a key of 56 £>its. 

Figure 4 shows a flow diagram for the data flow during encryption. A plain text block T (64 bits) is first 
subjected to a fixed permutation IP. Here all bits are cross-coupled in accordance with a fixed pattern with 
the aid of tables. The result, still 64 bits, is thereafter divided into a 32-bit left block L zero and a right block 
R zero. This is followed by .16 similar steps. Left and right blocks are numbered continuously from zero 

55 (start block) to 16 with index i. Each block gets a new value as follows: 
U = Rm 

Ri = Li" 1 © f (Ri.K,) 
© = 32-bit exor function 
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As can be seen, the left block obtains the previous value from the right block. The right block gets new 
values through the exor function on .the. left, block and a. function. f. The function f is performed with a right 
block and a sub-key value K t as input signals. The sub-keys Kj will be described later. 

Everything is carried out 16 times with a new sub-key each time. The blocks R16 and L16 are 

s combined by linking them to form a 64-bit word. The blocks have been changed over but they are- still 
generated in accordance with the above expression. Finally, a permutation. IP"' is carried cut which is the. 
inverse of the first one, IP. This is necessary so that the algorithm can both encrypt and ."decrypt. The value 
after IP" 1 is the encrypted text and contains 64 bits. 

Figure 5 shows how the function f is calculated. There are two inputs and one output, ihe buses R M of 

70 32 bits and K, of 48 bits are input signals, f (R M . K ( ) with 32 bits is the output signal. First there is an 
expansion E of the 32-bit R value to a 48-bit word by 16' of the 32 bits in R being doubled in accordance 
with a particular pattern with 'the aid of table look-up. After that, the result from the expansion is- added by • 
means of the exor function bit by bit to a 48-bit sub-key K. In this way, 8 pieces of 6-bit addresses are 
obtained for the same amount of tables, Si to Ss. Each table has an output of several bits and a 6-bit 

75 address input. The tables are named S-boxes and here the values are found as -4 bits (0-15). The S-boxes 
are quite simply fixed stores. Out of each box 4 bits are therefore obtained which with 3 S-boxes and 
linking-together provide a 32-bit word. The word is subjected to a fixed permutation P according to the table 
look-up. The result becomes a 32-bit word which constitutes f (Rj.i, Kj). . 

Figure 6 shows the. generation of the 16 sub-keys. The original key K of 64 bits is subjected to a fixed 

20 permutation PC-1 (permuted choice 1) with the aid of a tablet There, the parity bits are extracted and the 
remaining 56 bits are changed over. The parity bits make up every 8th bit in the original 64-bit word. The 
56 bits are further divided into two halves of 28 bits Co, D 0 . Sub-keys Ki to Ki 6 will be formed and this is 
done with left-hand rotation of C and D as shows in Figure 7. The number of shifts, rotations which will be 
carried out is determined by a table. After Ki 6 has been shifted forward (28 shifts), the original value 

25 according to PC-1 is generated. Each result of the shifts in C and-D is linked and subjected to a fixed 
permutation in PC-2. Since the number of bits is 2 times 28 = 56 in C, D, and" K k will consist of 48 bits, 
certain bits must be discarded in PC-2. AH bits in C, D will, nevertheless, be used sometime by PC;-2 due to 

the rotation. . 

During the decryption, the same algorithm is used except that instead of using the sub-keys K#.tKi6 in 
.30 the above-mentioned order, they are changed over into the order K r6 -Ki . However, this creates' problems in 
the generation of the sub-keys. The time to first take out K ie and then K15 and so forth becomes very long 
if only left shifts are carried out. This is because the entire shift table will be carried out from top to bottom. 
By introducing right ♦shifts with a start from the bottom, the time consumed becomes the same for 
encryption and decryption! However, the shift column must be raised up one step. Sub-key Ki 6 is then 
35 obtained without any shift and Ki after 27 right shifts. 

According to the invention/ however, the implementation is in hardware and then no shifts at all are 
used. This is done entirely combinatoriiy without adding any shift registers, as will be described below. 

The text following describes how the invention implements the execution of the encryption algorithm in 
gate matrix technology. The algorithm itself consists of 16 steps in which new data is generated between. 
40 each step. It is all carried out with a width of 64 bits and the circuit expenditure would be very high with 
direct copying of the algorithm. According to the invention, therefore, only one register is used which is 
loaded 17 times: one time for incoming 64-bit blocks and 16 times for the conversion. Figure 8 shows 
diagrammaticaily how the data streams are organized between the register L, R, the function f and a 
multiplexer MUX. Since all flip-flops in a gate matrix are clocked continuously, the logic must feed back the 
45 flip-flop output signals to. the inputs as these will not change state. The multiplexer in front of the registers 
has three different signals "to select from: data in, the new data of the algorithm from function f, and the 
earlier data of the register. The accessible data bus from the environment has 8 bits. Loading and reading 
of data must therefore occur in eight steps (8x8 = 64). The MUX block becomes relatively extensive. 

According to the algorithm, a 56-bit key will thus be entered into a register and subjected to a number 
so of shifts of different length before each instant in the encryption. According to the invention, this is achieved 
by means of a combinatorial block in order to avoid retarding the process with an extra control unit. With a 
network of 768 transmission gates and control logic, the right bit can. be -forwarded to the right output, which 
then replaces the LS block in Figure 6. 

The largest proportion of the block is taken up by the so-called S-boxes. There are 8 storage units with 
55 six inputs and four outputs in each box. These are built up discretely with the aid of gates and function as 
fixed memories with given output data for each address. 

Figure 9 shows how the encryption circuit appears to the computer system. The input signals are a 13- 
bit address bus, Chip Enable (CE), read/write (R/W) arid output enable (OE). The data is output and input on 
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an 8-bit data. bus. The RAM block listens to all thirteen bits while the encryption block only uses five bits. A 
decoder (DEC) puts out the right CE signal to the right- block on the basis of the address. OE controls the 
output buffer (three-state multiplexer) which is two-way for data writing. 

"To a programmer, the encryption circuit looks like a memory circuit with 32 memory positions of 8 bits - 

5 each, in other words one byte. The operations which can be carried out are:, writing-in of data or key block,' 
respectively, starting encryption or decryption, reading of status and reading of encrypted data. Data, 
encryption and key block are all of 64 bits each. Since the data bus of the circuit has 8 bits width, the block 
must be written and read in 8 part blocks. The data bus is used for the block and status but start and the 
choice of encryption/decryption are controlled by writing with certain address bits set to 1 or 0. The value of 

70 the data bus :has no significance in this connection.' The functions are determined by the address bits A 0 to 
A*. 

A*: 0 = dt (data and key) 1 = cnt (control mode) 
A 3 0 = reg (data register) 1 key (key register) 

A 2 -o Addresses 0-7. MSB (most significant byte) for data or key block is placed in A 2 -o = 000 and LSB in 

75 111. ' ' . ":7 " * 7'"* 

Since A* = 0, A 2 -A 0 represents the 8 addresses of the part-blocks in the data or key block. A 3 has the 
function of register selection. , 

The key can be written in. but not read out. When the run has been activated, encrypted/decrypted data 
can be read out after the status has been read. 
20 When A4 = 1, control mode, the command start can be given and the status read. 
The following applies for writing: ' " - - 



' A*:1 


= cnt (control) 






A3: X 


= no function 
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= no function 
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= run 
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= encrypt 
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= decrypt 



30 

When reading status, the following applies. 
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40 


Ao: x 


= no function 


Do 


= 1: running 








Do 


= 0: conversion clear 



;_On D 0l status reading provides the answer if the encryption/decryption is clear. 
Do = 1: running (not clear) D 0 = 0: clear 

D1 shows the mode the circuit is in 1 
Di = 1: encryption D1 = 0: decryption 

Alternatively, it can all be seen as a memory package with address selection as. function control. The 
table in Figure 10 shows all possible read and write operations the circuit can be subjected to. As can be 
seen, there are many redundant registers in the memory map. Addresses of interest are those which have 
been marked in bold lettering. The functions in brackets are duplicates. 



EXAMPLE 

In practice, a program loop can use the registers in this way: 
(One block is encrypted and decrypted, not so realistically) 
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1. Write-in the key at address S0-7 

2. Write-in the data. block at address S8-F .. . . 

3. Write at address $13, = start of encryption, data bus without function 

4. Read status address S10 until D = 0 

5 5. Read encryption block at address S8-F 

6. Write-in encryption block, S8-F (not necessary in this case) 

7. Write at address $10 = start of decryption, databus without function 

8. Read status 

9. Read the decrypted data block S8-F 

10 At this point, the same original block should be obtained. ...... 

The absolute addresses for the circuit are obtained by adding S1FEO to the above addresses. A 
column with these is also given. 

In accordance with the above description, the invention thus provides an encryption circuit with many 
advantages. According to a first aspect of the invention, the encryption circuit is integrated on one chip and 
75 has a pin configuration which corresponds to a standard memory. The encryption circuit can thus be 
. directly placed in the existing- equipment in place of a random access memory (RAM). The encryption bit 
itself only takes up 32 memory positions (bytes) of 8 kbytes (8192). The 32 bytes, however, must be 
handled by the operating system in such a manner that they are not used as RAM positions. The RAM area 
itself is not used in any way by the encryption/decryption unit, but instead this may be eliminated if the rest 
20 of the system does not require the memory area. 

According to a second aspect of the invention, a single" data register is used for implementing the 16 
steps in, the DES algorithm. The 64-bit register is implemented with the aid of the 32 memory position's of 1 
byte each. A part of the memory positions is thus redundant. By using a suitable logic comprising, inter alia, 
a three-state multiplexer which selects one of three buses, a considerable simplification of the circuit is thus - - 
25 made possible. 

A third aspect of the invention is that the sub-keys in the DES algorithm are generated with the aid of 
• combinational logic. This technique is very quick and does not result in any delay in the data rate. 

Naturally, an expert can think of many embodiments of the present invention. The invention is only 
limited by the patent claims below. 
30 . 

Claims 

♦ 

1. Encryption circuit constructed in gate matrix technology, characterized. in that the circuit is integrated 
35 on a chip, the,, pin configuration of the circuit corresponding to the pin configuration of a memory circuit. 

* 2. Encryption' circuit according to Claim 1 , characterized in that the pin configuration of the circuit 
corresponds to the pin configuration of a standard memory (RAM). 

" 3. Encryption circuit according to Claim 1 or 2, characterized in that -the chip also contains, besides "the 
encryption function, addressable memory positions to essentially the same extent as the said memory 
40 circuit. ~* - 

4. Encryption' circuit according to any of the previous claims, characterized in that the encryption 
utilizes -32. memory positions each of 8 bits (one byte) of a total of 8 kbytes which are contained in the 
circuit./in" which respect the remaining memory positions can be utilized as a normal random access 
memory (RAM). 

45 5. Encryption circuit according to any of the previous claims, characterized in that the encryption 

utilizes the algorithm according to DES (Data Encryption Standard), in which a register.comprising 64 bits of 
the memory positions of the encryption is successively loaded 17 times: one time for an incoming 64-bit 
block and 16 times for the conversion, and the input signals to the register are. controlled by a multiplexer. 
6. Encryption circuit according to Claim 5, characterized in that sub-key generation is carried out by a 

so combinatorial block which is integrated on the chip. 
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